Taking Control over the Wild, Wild West within your Organization Tom Reding, CRM, Executive Consultant: Risk, Governance, & Compliance Solutions
Agenda (2.0 Hours) • Define the Wild, Wild West of your enterprise • Managing Records on Network Drives • Impact of the “new” Federal Rules of Civil Procedure (FRCP) • Federated Records Management (FRM) for “all of the repositories in your enterprise • Handling Transactional Database Records • e-Records enabling Reports Management • Where and how does RM & FRM fit into an SOA Framework? • Phased Implementation Recommendation • What’s next for Master Policy Management? • Q&A
“Corporations can not demonstrate compliance without Records Management”
Defining the “Wild, Wild West of your enterprise • Desktops & Laptops • Network file shares • Various Corporate Archives • Data Warehouses • Report Management Systems (IDARS, COLD)
Records Management Solutions should be capable of preserving your existing investments in business applications & repositories, while at the same time future proofing you regarding future application and repository investments. “Corporations can not demonstrate compliance without Records Management”
An e-Records Management Strategy Deliver electronic records management as an element of information technology infrastructure. Records Management technology should be used to “e-Records enable” all types of business processes, applications, repositories, storage management systems, and content integration solutions.
OK, I’ll Set Up Records Management Policies…zzz! Records Retention Policies are … well … rather boring, But consistent adherence to Policies helps to demonstrate Compliance
Are you one of those in the Board Room or “middle management”?
Examples of What NOT to do | Compliance Hall of Shame Luke Duffy Formerly of Bank of Australia Now Serving Time, Took Down CEO Bernie Ebbers Former CEO of WorldCom Now Serving 25 Years Ken Lay Former CEO of Enron Faced 175 Years Morgan Stanley Fined $1.45 Billion Stock Price Down CEO Removed Gale Norton Secretary of the Interior Held in Contempt of Court Liu Jinbao Former CEO of Bank of China Now on Death Row
Effective Records Management is the Goal for MOST Corporate Legal Departments….
R Records Management from Creation to CoreSecure Data Management at the “Desktop Edge” & Records and Content Management at the “Core” Desktop Applications eMail Business Applications Microsoft Office Notes Database Lotus Notes MS Exchange Peoplesoft Siebel SAP Email Archiving Document Management Secure Desktops Laptops & Fileshares Data Capture and Classification upon Creation Information Routing Immediate Out-of-the-box functionality today Records Management Administration Professional Services Records Management (Retention Schedule, File Plan) Information Integration (Federation, Search) Content Management (Storage, Search, Security) Physical Records Commercial Rcds Store Rpts Mgmt Documentum OpenText SharePoint, Stellent, etc. Strategic Content Repository
e-Records Management: Past, Present, & Future • 1st Generation – Paper & Microforms Retrieval System (Computer Assisted Retrieval Systems [CARS]) • 2nd Generation - 1st Generation Solutions upgraded to manage desktop documents, bring their own repository and search tool (Records Management Applications [RMA]) • 3rd Generation – New Paradigm introduced, e-Records Policy Engine used to embed RM features and functions into business applications (at server & / or desktop), w / repository independence, use existing customer search tools • 4th Generation – e-Records Policy Engine extended to embed RM features and functions via Enterprise Content Integration (Federated Records Management) • 5th Generation – To be determined • 6th Generation – Universal Virtual Computer
5th “NEXT” Generation RM Policy Management • Tie to Master Data Management for metadata integrity • Link Privacy Management & Digital Rights Management • Open Systems Interface developed and promoted to all software vendors • Enhance linkage between RM & Storage policy (RM & HSM) for media & data format migration, etc. • Enhance compatibility linkage between RM & CAS storage solutions for expungement process Disclaimer: None of the information presented above should be viewed as a commitment, it is only presented for informational purposes All of the plans are subject to change. Features may be pulled out of the release at any time for any reason.
Most Corporations Unready for New Federal Rules of Civil Procedure on Electronic Evidence
Evidence Discovery Legal • Search • Review • Redact • Present New FRCP: How Does This Impact You? • Your Organization faces a >95% chance of litigation in 2007 • You MUST know where your documents live • You MUST keep relevant documents with metadata • FULL Records Management is INEVITABLE • You MUST be able to search for and present documents intact regardless of location
Summary of Rule Change / Clarification • An assessment of the organization’s information policies and procedures to ensure that the right records and information can be located, preserved and produced for discovery when necessary. • The creation of an effective Legal Hold policy to stop the destruction of records and information due to routine business processes or other reasons. • A process for disseminating a clear and effective Legal Hold notice to inform employees and others of their responsibility to preserve certain records / information for litigation. • Assessment of the organization’s IT infrastructure to ensure it can effectively support the Legal Hold process and preserve all necessary records and “data compilations” without hindering business processes. • Points of contact across the organization’s business units that possess a thorough knowledge of their areas’ records and information, as well as what form those records are in and where they are located.
Summary of Rule Change / Clarification (continued) • Within 30 days of filing a discovery order opposition counsels must meet to decide how to handle electronic evidence discovery. • Firms must agree on what records are shared and in what format. • Gartner Analyst John Bace said, “… companies will need to act immediately to avoid the potential for sanctions and "negative inferences" in court battles; … organizations should quickly take steps to develop records retention policies and content management procedures to help protect the organization in case records are lost.”
Auto Declare and Classify via a rules-based metaphor: Rules-based metadata + Rules-based on roles / responsibilities + Rules-based content/full text (traditional) - Rules-based content/full text (spam filter type) * Rules-based contextual analysis = Crawl existing desktops, fileshares, business applications for records # Various Methods Automatically Declaring & Classifying Records + Recommended as “Best Practices” - Shortcomings sighted in 2 gov. studies (NARA & DOE) * Currently being evaluated as a new “Best Practice = BP offering under development # May be a privacy issue in some businesses
Various Other Methods for Declaring & Classifying Records • Server-based automatic classification • Via the e-Records Solution • Via an e-Mail Archiving Solution • Workflow includes a tiered scale of manual and automated methods • Select from a Quick List (those record types used for select work group or dept • Drag & Drop in a folder (which has a retention rule behind it) • Browse the organization’s File Plan
Leave records in native repository 1 Strategic Content Repository • Move records to a strategic repository at declaration 2 RM + ECI = Federated Records Management (FRM) Records Manager MS SP OTEX DCTM Stellent … Other Content Repositories …
3 R Business Application 2 Classification and Retention Rules 2. Via simple insert of content into a records-enabled folder 3. Through buttons or drop-down menu items in applications Declare & Classify Workflow Process Records can be consistently declared and classified: 1 1. As a preconfigured step in a workflow process or when lifecycle state changes Records Manager Subscription Event Services Content Monitor Event Handler Federated Records CM
R R R R Classification and Retention Rules Discovery + Application& Release of Hold Orders • Reduces discovery costs • A records administrator performs a… • … single search • …acrossmultiple repositories • All relevant records identified are placed on hold to suspend normal retention schedules Records Manager Subscription Event Services Content Monitor Event Handler Federated Records CM
R R R R Classification and Retention Rules Disposition • Centralized review and timely disposition of all records as they reach the end of their retention period • Reduces disposition costs • Ensures organizations don’t retain too few or too many records Records Manager Subscription Event Services Content Monitor Event Handler Federated Records CM
Imaging/DocumentMgmt ReportMgmt Web Content/Media AssetMgmt Workflow/BusinessProcess Mgmt NetworkFileSystems CustomSystems WebSphere II Content Edition - Content Integration Platform Lets you work with content from multiple, disparate content sources as if it were stored in one unified system • Single interface to multiple content sources and workflow systems • Rich, bi-directional content functionality • Exposes all underlying functionality and adds federation services • Development components and APIs for building custom applications • Requires an API at the application / repository level to enable federation
Connector IBM Federated Records Management Solution RM Expertise: Consulting, defining file plans, workflows, etc. Custom Client Applications Discover content, hold and destroy records, browse and search file plans Web Components Enterprise Search Hold Search W-flow Declare RM Host Interface Subscription Event Services Records Manager Event Handler Content Monitor RM Logic Extensions Repository MQ W-flow Records Database Repository Repository Existing IICE FRM Software Assets
Federated Records Managementfor Reports Management • Reports data now consistent with other organizational records • Helps meet compliance objectives and supports litigation requirements • Declare and classify records • An entire load – or – individual documents within a load • Classify to the corporate records file plan • Time, event and event+time retention rules • Apply legal holds and manage the records lifecycle Records William Smith 345-67-8901 Ronald Smith 234-56-7890 Jonathan Smith 123-45-6789
Additional Options for Legal Holds and Dispositions • Individual records can be retained… …while dispositioning the rest of the original data load • Unload and extract individual records on legal hold • Reload them into a new application group • All their records metadata and properties are maintained • The rest of the original load completes disposition Unload & Reload with records metadata in tact Disposed Disposed William Smith 345-67-8901 Ronald Smith 234-56-7890 Jonathan Smith 123-45-6789
What, When, Where and How of Structured Data capture as “official” business records • What conclusions has your organization arrived at regarding • What, When, Where, and How • Keep it simple • Point of “authentication” vs. a draft • Reports Management System: Things to be aware of • LARGE BLOBS • Application and Release of Hold Orders • Unique disposition step-by-step processes • Example: Web Transactions at business records • Content, Structure, Context
Structured Data as Business Records • Capturing the Input & Output is key • Manage in-place vs. capture and preserve in a secure repository (ECM) • In-place: no duplication, use production system when performing discovery • Move to a secure repository: use same user interface, helps ensure desired high performance of the transactional system
Why Federated Records Management Matters • Content and records management have been departmental investments, creating many content silos • Reports Management data has typically not been brought under records control • Compliance requires complete access and control over records stored across many disparate systems • Consolidating all records to a single repository is typically not a viable alternative in the short-term • IBM Federated Records Management leverages legacy content / records investments Centralized records management helps ensure consistent application of recordkeeping policies… …regardless of where information is stored
Benefits of IBM Federated Records Management • Reduce risk through automated, consistent application of the records program all content stores • Bring third-party content repositories under records control • Bring reports data under records control • Help meet compliance and litigation requirements • Accelerate enterprise records deployment • Reduce the initial and ongoing costs of recordkeeping • Provide a “future-proof” infrastructure • Add, remove, change repositories without disrupting records management and/or risking noncompliance
Federating Access to Enterprise Information SQL Web Services & Applications SQL Content Traditional Structured Systems, Applications & Repositories Unstructured Repositories Mainframe databases Mainframe files Relational databases XML Web services Packaged applications Web Other Collaboration Systems Content & Imaging Workflow systems • IMS, • Adabas • CA-Datacom • CA-IDMS • VSAM, • Sequential • DB2 UDB • Informix • Oracle • Sybase • Teradata • Microsoft SQL Server • ODBC • WebSphere BI Adaptors • SAP • PeopleSoft • Siebel • OLE DB • Excel • Flat files • IBM Lotus Extended Search • Web search • LDAP • Custom-built • DB2 CM Family • Domino.doc • Documentum • FileNet • Open Text • Stellent • Interwoven • Hummingbird • WebSphere • FileNet • Lotus Notes • Microsoft Index Server • IBM Lotus Extended Search • Sametime • QuickPlace • Microsoft Exchange Plus partner tools and custom-built connectors extend access to more sources
Metadata is a key element in every electronic business record • Why is Metadata important? • It is often impossible to establish authenticity and relevancy of records w/o supporting metadata • Requesting parties are entitled to “all” metadata supporting records produced in discovery • Application Metadata vs. System Metadata • Application metadata is embedded within the file, it describes the file and moves with the file when it is copied • System metadata is an analogous to a library card catalog, it is stored and maintained external to the file • “Every” active file (no exception) in a computer system maintains system metadata used to track the file location & file demographics (i.e., file name, size, creation, modification, and usage) • MS Windows and MS Word example: • Metadata supporting may be larger than the file itself, 80+ application & system metadata fields tracked for MS Word .doc files
Archive Services - Part of IBM ECM Portfolio Invoices, statements, reports Scanned Paper and fax Wireless & PDA ERP, SAP, SCM, CRM data Business Content in a Strategic Repositories Kiosk E-mail File systems, SharePoint, IBM Workplace Portal / Browser Audio, Video, Photo Web Content Call Center
Control of the Wild, Wild West behind your firewall • What: Network File Shares, Desktops, Laptops • How: • File Systems Archive • Windows Explorer like capture, declaration / classification and move to a central repository • Records Crawler • Crawls Network File Shares, Desktops and Laptops looking for business records based on pre-defined business rules, declare / classify in place or move to central repository • Trusted Edge • Provides for end-user declaration and classification based on pre-defined business rules (leverages MS Office templates), declare / classify and secure in place or move to central repository allows for convenience copies and ensures their accountability and disposition
Who File Systems Archive Automated or End-users Records Crawler Automated Trusted Edge End-users When File Systems Archive At project / case closure Records Crawler Anytime Trusted Edge Upon Creation / Receipt Control of the Wild, Wild West behind your firewall
File System Archive File System Archive Example Consists of • WebSphere II Content Edition, IBM Content Manager, Archive Solution Components* Key Features • Interactive or automated archival of files into Content Manager • Using file “stubs”, files may be accessed as if they remain on the file system Before Business Value • Seamlessly archive files without disruption to end-user • Archived files are managed in a central content repository • Reduced risk by treating the files as records once archived After *Services Offering
Accessing Archived Content • Use Explorer-like interface to browse or search for archived content.
FRM Solutions – File System Archive • Ad-hoc archival of File System content to Content Manager • Select files individually from Windows Explorer or drag/drop them into a pre-configured folder to archive • Configure the CM item class and folder where the content will be archived • Prompts user to specify CM metadata for the content • Formal Retention Rules applied via Records Manager • Options to delete original File System content or leave a stub behind • Stub uses URL Addressability to open the content in CM
Records Management Records Crawler – Not Another Search Tool Imaging • Monitor – Records Crawler automatically monitors file systems based on business policy and rules contained in Records Crawler profiles. Once a record is identified (every spreadsheet with “budget” in title) … • Action – is taken as specified in the profile (copy, move, stub, delete, declare record, trigger workflow / BPM process) • Classify – Direct integration intoRecords Manager file plan ensures precise classification into file plan • Enforce - Places content and records under managed control and enforces security, privacy, compliance and audit policies • Unique offering – No other ECM vendor offers a file system management tool like Records Crawler EmailManagement File System Management ContentDiscovery ProveCompliance
Records Capture Rules and Profiles File Plan Policy Management Unmanaged File System Records Documents Spreadsheets Web Content Images PowerPoint ECM Repository Records Manager Records Crawler Records Crawler – How it Works Business Users Monitors and identifies Records Applies Rules and Profiles Move, Copy or Stub
Records Crawler Overview • Manage network file shares • Simple manipulation of files • Intelligent indexing • Multiple source and target system options for file management
Unified Document and Email Management / Discovery Search, Retrieve, Deliver Manage Disposition Monitor or Supervise Audit Classify Destructive Delete Federated Repositories (2..n) Capture • Mailbox • Real-time • Reports • Office documents • Email • IM • Printed Output • etc. Secure, Scalable Archive Search, Retrieve, Deliver Capture Classify Supervise* Manage Audit Delete Ingest records (email, IM, documents) into archive (automatic) Record classification utilizing corporate file plan Federated Classification Monitor records to detect violations of regulatory or corporate policy (e.g., NASD 3010/3110) InformationLife Cycle Management Legal Hold Federated records management Recording of every interaction from capture to destruction Fully auditable reports to verify compliance Mitigate risk with full disposition management Destructive deletes according to policies Full text federated seach across all data types Legal discovery Documents on PCs and shared drives is notoriously unmanaged Records Policy applies to records IT Policy applies to non-records Need to disposition records and non-records IT storage management Must search controlled repositories and uncontrolled PCs and shared drives End Users know “best” how to classify – at file creation Need to audit records and non-records * Optional function Customer Challenges
Value-Add for Managing Convenience Copies Search, Retrieve, Deliver Manage Disposition Monitor or Supervise Audit Classify Destructive Delete Federated Repositories (2..n) Capture • Mailbox • Real-time • Reports • Office documents • Email • IM • Printed Output • etc. Secure, Scalable Archive Search, Retrieve, Deliver Capture Classify Supervise* Manage Audit Delete Capture electronic documents and email at the “edge” from the moment they are created Inventory * Classify according to “blended” IT and Records Policies Automated classification * Monitor records to detect violations of regulatory or corporate policy (e.g., NASD 3010/3110) ILM of both records and non-records Legal Hold of records and non-records Record every interaction from capture to destruction for records and non-records Fully auditable reports to demonstrate compliance Disposition according to “blended” IT and Records Policies Search all federated repositories AND Search all PCs and shared drives * Integration with iPhrase is a potential future value-add * Optional function * Inventory existing documents and emails is a potential future value-add
Managed Convenience Copy Architecture XML Data Capture and Classification upon Creation Visibility and Control Information Routing Layer Applications Storage Content & Records Management Archiving
Desktop Records Management • Capabilities: • Classification at Creation / Receipt • Document Branding • In-place and/or copy to Strategic Repository Records Management: Disposition and Litigation Holds of Desktop and File Server documents and files • Seamless Online / Offline operation • Fully integrated with IBM Records Manager and Content Manager • Future-proofing: Desktop management that anticipates ECM, Tivoli Storage Manager, etc.
How to Manage Desktop Information • Configure policies and actionable business rules • “Blended” Records and IT Policies • Flexible and robust policy configuration with location-sensitive retention rules • Classify documents and e-mails at creation / receipt • Acquire metadata (system, application, business context – policy and user specified) • Brand/Tag with metadata and a unique ASSET ID • Self-describing throughout its lifecycle • Classify • Store data and metadata to the designated location • Manage retention of all copies, regardless of location • Apply and release Legal Holds • Reporting and Auditing • Document and Email Forensics • Discovery • Disposition Official Records and all copies
Benefits of Managing Desktop Documents • Desktop Information Management • Reduce enterprise risk at the desktop • Control all information and records from creation to destruction • Inventory files on desktops, laptops, shared drives (potential future FSA integration) • Automated contextual classification (potential future integration) • Bring information under policy control from the moment it is created in any desktop application • Manage retention of all copies according to policy • “In place” on desktops and shared drives • In content management systems • In email systems and archives • Reduce storage costs through intelligent storage management • Classification-driven tiered storage • Disposition official records and all copies and renditions • Eliminate “smoking guns” and rogue information